keep it to yourself

Starting from today, the main Clipperz server is located in Amsterdam. At the same time we are keeping a backup server in Reykjavík where data are mirrored.
Why this redundant setup? To get the best of both worlds: an hyperconnected data center on mainland Europe, combined with the protection offered by Icelandic legal system.

During the last week of April and the first week of May 2014, a Cure53 team, lead by Mario Heiderich, performed a thorough penetration test in order to spot bugs and vulnerabilities in Clipperz password manager. Today we are ready to share the outcomes of their awesome work.

I really appreciated Tim Bray’s post “Trusting browser code”. His
pragmatism resonated with me and Giulio Cesare. At Clipperz we’ve been dealing with the issue of secure Javascript code delivery since 2006, but this is still an open issue that is eventually attracting the attention of some bright minds.
This post is an effort to reaching out to the small community of people interested in web crypto in order to share ideas and perspectives.

Resiliency is a quality Clipperz has committed itself since its inception. Just think of the offline copy, the open source code, the relocation to Iceland, the OTPs, … all these feats came from the desire of building an online password manager capable to resist difficulties or quickly recover from them. An ongoing endeavour that still has the highest priority. Especially now that someone is clearly aiming to stop it.

All things considered, 2013 was a decent year for Clipperz. We didn’t expect any revenues from paid subscribers, but we wished to be able to launch the paid service by the end of the year. We missed that deadline on purpose, because we didn’t feel comfortable asking for (crypto) money until we can provide a good mobile experience. And designing a good interface takes time, especially when usability is intertwined with security.

A few weeks ago the bank Clipperz has been using for years informed us that they have unilaterally decided to terminate our bank account. Why? No reason given, at least on paper. Informally we’ve been told that they were troubled by our fraudulent wires story. (click the image below to download the complete letter in PDF)

We are just back from JS Day 2013, a really stimulating conference on Javascript held in Verona (Italy). Giulio gave a talk on what he learned about designing and building single-page web applications. And given that Clipperz online password manager is probably the most extreme case of this kind of apps, he knows quite a lot on this topic that is also strictly related to the security architecture of Clipperz. See his slide deck below.

Clipperz only accepts Bitcoins!

Try Clipperz for 45 days and then, if you like it, choose one of the paid plans. Clipperz is committed to guarantee its users as much anonymity as possible, therefore it only accepts bitcoins! No credit cards, no Paypal, no bank transfers. Just bitcoins.Learn more.